By Barley Laing, the UK Managing Director at Melissa
eCommerce has shown rapid growth in recent years. Its convenience factor, brought to the attention of many more shoppers by the pandemic, is encouraging more people to shop online.
Stats show that the global eCommerce market is predicted to grow to 3.5 trillion pounds by 2021, and by 2022 online sales will make up 20% of all global sales.
This rapid shift towards online means a greater risk of cybercrime and fraudulent activity, with retailers expected to lose almost $130 billion in revenue worldwide by 2023.
Let’s take a look at common fraud challenges retailers face today
Account takeover (ATO)
Essentially known as online identity theft, this is when cybercriminals gain access to one or more accounts to carry out unauthorised transactions. This is the weapon of choice for fraudsters. ATO increased 282% between 2019 and the end of 2020.
Many eCommerce websites offer customisable profiles to make their valuable customers feel at home. They can pre-store their contact information like shipping address, email address and date of birth for birthday discounts, as well as alternative payment methods. This simplifies the customer journey and speeds up checkout. However, if this data is stolen it can be used by fraudsters.
Card Not Present Fraud
This is another well-known challenge. All online transactions are marked as ‘Card not Present’ along with phone orders, recurring payments and invoices that are paid online. This is when a criminal will use someone else’s compromised card information to make a remote purchase, commonly known as ‘credit card scam’.
For merchants, this can be quite difficult to combat as the card doesn’t need to be physically present nor the person presenting it. Usually merchants will bear the loss of having to issue a chargeback to the bank of the victim.
Chargebacks / Friendly Fraud
We see this as the most common type of fraud in the eCommerce space, and one that is expensive to retailers. It happens when a customer makes an online purchase then contacts their card issuer to force a refund claiming that it’s the merchant’s mistake.
This is a different approach to the above where unauthorised thirds parties use someone else’s information which is why it’s called ‘friendly fraud’.
It’s estimated that this type of fraud costs the retail industry up to $31 billion per annum. Research suggests that although this was already a growing area of concern for merchants and card issuers, the problem accelerated during the pandemic when more people were shopping online.
This type of fraudulent activity is hard to identify, mainly because there is not a related ‘chargeback’ or unauthorised activity associated with it. Instead it’s seen as obvious customer abuse towards refund policies and promotions. Research on consumer behaviour has sparked retailers pushing people to take advantage of promotions and the easy and convenient refund policies. With an influx of requests made for those easy refunds and individuals finding ways to use these promotional codes more than once, e-tailers usually come out second best, particularly as they have to cover the cost of free shipping.
This is where a 3-way process is set up giving it a ‘triangular system’. First the criminal will create a fake online storefront, offering popular known brand names and items for bargain or basement prices. When initial purchases are made, you would usually think it would stop there with the fraudster stealing names and personal credentials, and the customer not receiving their item at all. However, the process continues with a second step, using stolen credit card numbers to buy items from a legitimate online store and shipping it to the customer.
The third step is the payoff for the whole process. Criminals use the stolen customer data to make additional purchases that they ship to themselves. Because the initial items are received the customer usually does not realise anything suspicious, but will often respond by initiating a chargeback for fraudulent activity on the other transactions made by the fraudster, which the merchant has to cover.
Recommendations to stay on top
Retailers must ensure their customers are protected from fraudulent activity during the purchasing process, while at the same time delivering the best possible shopping experience.
There are simple implementations any retailer can consider to minimise the above threats.
It’s best to start with simple data quality practices, which at the core stem from plain and simple contact data verification. Making sure email and phone numbers are live, callable and part of a genuine host, and even determining the common language in use for the given area code. There have been too many occasions where fraudsters have used fake phone numbers and emails to bypass verification procedures when signing up and purchasing online.
Valid address data is another important factor to ensure only deliverable addresses enter your system, which is standardised to any country format. Having an address lookup functionality on your web forms or checkout process will safeguard the risk of fake addresses being used. Another to consider is that an address verification system (AVS) compares numeric parts of a billing address stored on a credit card and the address on file at the credit card company. This can block purchases made from unauthorised users.
The last solution is more around the KYC screening aspect, which aims toward businesses needing to adhere to compliance measures, like alcohol and gambling e-tailors needing to verify the age of new customers and financial services offering overseas money transfers. Know your customer (KYC) verification procedures can range from simple age verification or proof of address, all the way to ID document scanning, biometrics and liveness detection when onboarding new customers for ‘higher risk’ online transactions.
Depending on the type of business model you have, industry and what you are selling online, no two businesses are the same. Each will come across certain types of fraudulent activity more commonly than others, with most appealing toward a certain type of customer profile, target locations, individual buying journeys and so on.
It is important to note that it can often be difficult to determine fraudsters from genuine customers as increasing digitalisation brings even more opportunities for fraudulent activity each year. Implementing data quality and identity verification solutions can ultimately minimise any potential threats and maximise business efforts in the long term.
By Barley Laing, the UK Managing Director at Melissa